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Office Action Summarv 


Application No. 

09/918,615 


Applicant(s) 
ROGAWAY, PHILLIP W. 


Examiner 

Kevin Schubert 


Art Unit 

2137 





-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 05 July 2005 . 
2a)£3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) £3 Claim(s) 67-70 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) E3 Claim(s) 68 is/are allowed. 

6) IEI Claim(s) 67,69-70 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) E3 The specification is objected to by the Examiner. 

10)£3 The drawing(s) filed on 30 July 2001 is/are: a)D accepted or b)S objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 

3-D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) (Zl Notice of References Cited (PTO-892) 4) Q Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) p ap© r No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5 ) D Notice of Informal Patent Application (PTO-152) 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 20050713 
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DETAILED ACTION 

Claims 67-70 have been considered. 



Specification 

The abstract is objected to for being too long. The abstract should be revised and follow the 
guidelines below. 



Applicant is reminded of the proper language and format for an abstract of the disclosure. 

10 The abstract should be in narrative form and generally limited to a single paragraph on a separate 

sheet within the range of 50 to 150 words. It is important that the abstract not exceed 150 words in length 
since the space provided for the abstract on the computer tape used by the printer is limited. The form 
and legal phraseology often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need 

1 5 for consulting the full patent text for details. 



The language should be clear and concise and should not repeat information given in the title. It 
should avoid using phrases which can be implied, such as, "The disclosure concerns," "The disclosure 
defined by this invention," "The disclosure describes," etc. 

20 



Drawings 

Figures 6-10 should be designated by a legend such as --Prior Art- because only that which is 
old is illustrated. See MPEP § 608.02(g). Corrected drawings in compliance with 37 CFR 1.121(d) are 
required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) 
25 should be labeled "Replacement Sheet" in the page header (as per 37 CFR 1.84(c)) so as not to obstruct 
any portion of the drawing figures. .If the changes are not accepted by the examiner, the applicant will be 
notified and informed of any required corrective action in the next Office action. The objection to the 
drawings will not be held in abeyance. 



30 Allowable Subject Matter 

The following is a statement of reasons for the indication of allowable subject matter: Claims 67- 
68 present an authenticated-encryption method which distinguishes over the prior art. Though the idea of 
an authenticated-encryption method is known in the prior art and has been done by inventors such as 
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Gligor, the examiner finds no mention of the following claim limitation used in an authenticated-encryption 
method: 

"using the block cipher, the key, and the nonce to generate a sequence of m offsets, each offset 
having n bits, wherein the sequence of offsets is computed by (a) computing a 0 th basis offset by applying 
5 the block cipher, keyed by the key, to a constant; (b) for each positive number i, defining the ith basis 
offset from the prior basis offset by shifting the prior basis offset left one position, and then xoring the 
resulting value with a constant that depends on the first bit of the prior basis offset; (d) computing a base 
offset by applying the block cipher, keyed by the key, to the xor of the 0 th basis offset and the nonce; (e) 
defining the 1 st offset in the sequence of offsets as the xor of the 0 th basis offset and the base offset; and 
10 (f) for each integer i between two and m, defining the ith offset in the sequence of offsets as the xor of the 
prior offset and the jth basis offset, where j is the number of zero-bits following the last one-bit when the 
number is written in binary". 

Furthermore, the examiner does not believe the specific claim limitation above would have been 
obvious to one of ordinary skill in the art at the time the invention was filed as the limitation is integrally 
15 used in the system to form a cohesive approach to performing an efficient authenticated-encryption 
method. 



Claim Rejections - 35 USC §101 



35 U.S.C. 101 reads as follows: 



20 



Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 



25 



Claims 67 and 69 are directed to non-statutory subject matter. The claims are directed to an 



abstract method which requires nothing tangible. The examiner suggests the applicant amend the 



preamble to "A computer-implemented authenticated-encryption method" from "An authenticated- 



encryption method". Appropriate correction is required. 
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Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
5 forth in section 102 of this title, if the differences between the subject matter sought to be patented and 

the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10 

Claims 69-70 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gligor, U.S. Patent 
No. 2001/0033656, in view of Jutla (Jutla, Charanjit. Encryption Modes with Almost Free Message 
Integrity. August 2000) in further view of Menezes (Menezes, Alfred J. Handbook of Applied 
Cryptography. 1997. CRC Press. Pages 321-383). 

15 

As per claims 69-70, the applicant describes an authenticated-encryption method that uses an n- 
bit block cipher, a key, and an n-bit nonce to encrypt a message into a ciphertext, the method comprising 
the following limitations which are met by Gligor, Jutla, and Menezes: 

a) partitioning the message into m-1 message blocks and one final fragment, each message 
20 block having n bits and the final fragment having between 0 and n bits (Gligor: Fig 9); 

b) generating m+1 offsets using a sequence shift and xor operations, this sequence of shift and 
xor operations being applied to a starting value determined using the block cipher, the key, and the nonce 
(Gligor: Fig 9); 

c) for each number i between 1 and m-1, xoring the ith message block with the ith offset to 
25 determine an ith input block (Jutla: Fig 2 of page 5); 

d) for each number i between 1 and m-1, applying the block cipher, keyed by the key, to the ith 
input block, to determine an ith output block (Jutla: Fig 2 of page 5); 

e) for each number i between 1 and m-1, xoring the ith output block with the ith offset to 
determine an ith ciphertext block (Jutla: Fig 2 of page 5); 

30 f) concatenating the m-1 ciphertext blocks to determine a ciphertext body (Gligor: Fig 9); 
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g) computing an encoded length by encoding the length of the final fragment as an n-bit string 
(Jutla: [0025]); 

h) xoring the encoded length with the mth offset to determine a precursor pad (Menezes: page 

340); 

5 i) computing a pad by applying the block cipher, keyed by the key, to the precursor pad (Gligor: 

Fig 9); 

j) xoring the final fragment with a portion of the pad to determine a ciphertext fragment having the 
same length as the final fragment (Menezes: page 340); 

k) computing a padded ciphertext fragment by appending to the ciphertext fragment a sufficient 
10 number of zero bits so that the padded ciphertext fragment has n bits (Gligor: [0025]; 

I) computing a checksum by xoring together the m-1 message blocks, the pad, and the padded 
ciphertext fragment (Gligor: Fig 9); 

m) computing a precursor full tag by xoring together the checksum and the (m+1)st offset (Gligor: 

Fig 9); 

15 n) determining a full tag by applying the block cipher, keyed by the key, to the precursor full tag 

(Gligor: Fig 9); 

o) computing a tag as a portion of the full tag (Gligor: Fig 9); 

p) defining the ciphertext to be the ciphertext body, the ciphertext fragment, and the tag (Gligor: 

Fig 9); 

20 Gligor discloses an authentication-encryption technique which meets most of the limitations of the 

above claim. However, Gligor does not disclose that an offset is combined with a message block before 
the block cipher. Jutla discloses an authenticated-encryption method similar to that of the applicant's 
called IAPM (Integrity Aware Parallizable Mode). Jutla discloses that an offset (Sj in Fig 2) is combined 
with a message block before the block cipher. It would have been obvious to one of ordinary skill in the 

25 art at the time the invention was filed to incorporate the ideas of Jutla with those of Gligor and combine an 
offset with a message block before the block cipher because doing so incorporates an additional 
technique to provide further encipherment and thus more security for the data. 



Application/Control Number: 09/918,615 Page 6 

Art Unit: 2137 

Gligor in view of Jutla disclose an authentication-encryption technique which meets most of the 
limitations of the above claim. However, Gligor in view of Jutla do not disclose that the message 
fragment is combined with the pad to form the ciphertext fragment and that an offset is combined to form 
a precursor pad before the block encipherment. Menezes discloses combining the ciphertext fragment 
5 with the pad. Menezes discloses a block ciphering method known as Matyas-Meyer-Oseas in which an 
input message is combined with the result of a block cipher process to form ciphertext. Combining the 
ideas of Menezes with those of Gligor in view of Jutla would allow x4 to be combined at 92 with z4. It 
would have been obvious to one of ordinary skill in the art at the time the invention was filed to combine 
the ideas of Menezes with those of Gligor in view of Jutla because doing so incorporates an additional 
10 technique to provide further encipherment and thus more security for the data. 

Conclusion 

THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension 

of time policy as set forth in 37 CFR 1 .1 36(a). 
1 5 A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 

the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 

of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 

shortened statutory period, then the shortened statutory period will expire on the date the advisory action 

is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
20 the advisory action. In no event, however, will the statutory period for reply expire later than SIX 

MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should 

be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally 

be reached on M-F 7:30-6:00. 
25 If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 

Emmanuel Moise can be reached on (571) 272-3868. The fax phone number for the organization where 

this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
5 you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 



10 
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